Sign-In Error Code ReferenceSign-In Error Code Reference
Massive Referenz für die angeforderten AADSTS Fehlercodes mit Ursache und Lösung.Massive reference for the requested AADSTS error codes with causes and resolution.
Triage zuerstTriage first
Immer Fehlercode, Timestamp, Trace ID, Correlation ID, Client-App und Tenant notieren.Always capture the error code, timestamp, trace ID, correlation ID, client app, and tenant.
AADSTS FehlerreferenzAADSTS error reference
| FehlercodeError code | FehlermeldungError message | UrsacheCause | LösungsschritteResolution steps |
|---|---|---|---|
| AADSTS50001AADSTS50001 | The resource is disabled or the resource named could not be found. This can happen if the application has not been installed by the administrator of the tenant, or if the resource principal was not found in the directory or is invalid due to a typo.The resource is disabled or the resource named could not be found. This can happen if the application has not been installed by the administrator of the tenant, or if the resource principal was not found in the directory or is invalid due to a typo. | Tenant-ID oder Authority ist falsch.Tenant ID or authority is wrong. | Tenant/Authority validieren und den korrekten Endpunkt verwenden.Validate tenant/authority and use the correct endpoint. |
| AADSTS50005AADSTS50005 | User tried to log in to a device from a platform ({platform}) that's currently not supported through Conditional Access policy. Supported device platforms are: iOS, Android, Mac, and Windows flavors.User tried to log in to a device from a platform ({platform}) that's currently not supported through Conditional Access policy. Supported device platforms are: iOS, Android, Mac, and Windows flavors. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50011AADSTS50011 | The {redirectTerm} '{replyAddress}' specified in the request does not match the {redirectTerm}s configured for the application '{identifier}'. Make sure the {redirectTerm} sent in the request matches one added to your application in the Azure portal. Navigate to {akamsLink} to learn more about how to fix this. {detail}The {redirectTerm} '{replyAddress}' specified in the request does not match the {redirectTerm}s configured for the application '{identifier}'. Make sure the {redirectTerm} sent in the request matches one added to your application in the Azure portal. Navigate to {akamsLink} to learn more about how to fix this. {detail} | Redirect URI passt nicht exakt zur App-Registrierung.Redirect URI does not exactly match the app registration. | App registration > Authentication prüfen, URI exakt angleichen.Review App registration > Authentication and match the URI exactly. |
| AADSTS50020AADSTS50020 | User account '{email}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{appId}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.User account '{email}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{appId}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS50034AADSTS50034 | The user account {identifier} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory.The user account {identifier} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory. | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS50053AADSTS50053 | The account is locked, you've tried to sign in too many times with an incorrect user ID or password.The account is locked, you've tried to sign in too many times with an incorrect user ID or password. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50055AADSTS50055 | The password is expired.The password is expired. | Kennwortzustand verhindert die Anmeldung.Password state blocks sign-in. | Kennwort zurücksetzen/ändern und Hybrid-Sync oder Writeback prüfen.Reset/change the password and review hybrid sync or writeback. |
| AADSTS50056AADSTS50056 | Invalid or missing password: password does not exist in the directory for this user.Invalid or missing password: password does not exist in the directory for this user. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50057AADSTS50057 | The user account is disabled.The user account is disabled. | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS50058AADSTS50058 | Session information is not sufficient for single-sign-on.Session information is not sufficient for single-sign-on. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50059AADSTS50059 | No tenant-identifying information found in either the request or implied by any provided credentials.No tenant-identifying information found in either the request or implied by any provided credentials. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS50064AADSTS50064 | See official Entra error reference.See official Entra error reference. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50072AADSTS50072 | Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}'.Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}'. | MFA/Strong Auth ist nicht erfüllt.MFA/strong auth is not satisfied. | MFA-Registrierung, Methoden und Auth Strength prüfen.Review MFA registration, methods, and authentication strength. |
| AADSTS50076AADSTS50076 | Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '{resource}'.Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '{resource}'. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50079AADSTS50079 | Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}'.Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}'. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50089AADSTS50089 | Authentication failed due to flow token expired.Authentication failed due to flow token expired. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50097AADSTS50097 | Device authentication is required.Device authentication is required. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50105AADSTS50105 | Your administrator has configured the application {appName} ('{appId}') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '{user}' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.Your administrator has configured the application {appName} ('{appId}') to block users unless they are specifically granted ('assigned') access to the application. The signed in user '{user}' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50126AADSTS50126 | Error validating credentials due to invalid username or password.Error validating credentials due to invalid username or password. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS50128AADSTS50128 | No tenant-identifying information found in either the request or implied by any provided credentials.No tenant-identifying information found in either the request or implied by any provided credentials. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS50129AADSTS50129 | The device is not workplace joined. Workplace join is required to register the device.The device is not workplace joined. Workplace join is required to register the device. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50131AADSTS50131 | Device is not in required device state: {state}. Or, the request was blocked due to suspicious activity, access policy, or security policy decisions.Device is not in required device state: {state}. Or, the request was blocked due to suspicious activity, access policy, or security policy decisions. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS50132AADSTS50132 | The session is not valid due the following reasons: password expiration or recent password change, SSO Artifact is invalid or expired, session is not fresh enough for application, or a silent sign-in request was sent but the user's session with Azure AD is invalid or has expired.The session is not valid due the following reasons: password expiration or recent password change, SSO Artifact is invalid or expired, session is not fresh enough for application, or a silent sign-in request was sent but the user's session with Azure AD is invalid or has expired. | Kennwortzustand verhindert die Anmeldung.Password state blocks sign-in. | Kennwort zurücksetzen/ändern und Hybrid-Sync oder Writeback prüfen.Reset/change the password and review hybrid sync or writeback. |
| AADSTS50133AADSTS50133 | The session is not valid due to password expiration or recent password change.The session is not valid due to password expiration or recent password change. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50140AADSTS50140 | This occurred due to 'Keep me signed in' interrupt when the user was signing in.This occurred due to 'Keep me signed in' interrupt when the user was signing in. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50143AADSTS50143 | Session mismatch. The session is invalid because user tenant does not match the domain hint.Session mismatch. The session is invalid because user tenant does not match the domain hint. | Tenant-ID oder Authority ist falsch.Tenant ID or authority is wrong. | Tenant/Authority validieren und den korrekten Endpunkt verwenden.Validate tenant/authority and use the correct endpoint. |
| AADSTS50144AADSTS50144 | The user's Active Directory password has expired.The user's Active Directory password has expired. | Kennwortzustand verhindert die Anmeldung.Password state blocks sign-in. | Kennwort zurücksetzen/ändern und Hybrid-Sync oder Writeback prüfen.Reset/change the password and review hybrid sync or writeback. |
| AADSTS50146AADSTS50146 | This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid.This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50155AADSTS50155 | Device authentication failed.Device authentication failed. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS50158AADSTS50158 | External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges.External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges. | Redirect URI passt nicht exakt zur App-Registrierung.Redirect URI does not exactly match the app registration. | App registration > Authentication prüfen, URI exakt angleichen.Review App registration > Authentication and match the URI exactly. |
| AADSTS50173AADSTS50173 | The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'.The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'. | Kennwortzustand verhindert die Anmeldung.Password state blocks sign-in. | Kennwort zurücksetzen/ändern und Hybrid-Sync oder Writeback prüfen.Reset/change the password and review hybrid sync or writeback. |
| AADSTS50177AADSTS50177 | User account '{user}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{appId}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.User account '{user}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{appId}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS50196AADSTS50196 | The server terminated an operation because it encountered a client request loop. Please contact your app vendor.The server terminated an operation because it encountered a client request loop. Please contact your app vendor. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS51000AADSTS51000 | {feature} is/are disabled.{feature} is/are disabled. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS51001AADSTS51001 | Domain Hint must be present with On-Premises Security Identifier/ On-Premises UPN.Domain Hint must be present with On-Premises Security Identifier/ On-Premises UPN. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS51004AADSTS51004 | The user account {identifier} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory.The user account {identifier} does not exist in the {tenant} directory. To sign into this application, the account must be added to the directory. | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS52004AADSTS52004 | The user or administrator has not consented to use the application with ID '{identifier}'{namePhrase}. Send an interactive authorization request for this user and resource.The user or administrator has not consented to use the application with ID '{identifier}'{namePhrase}. Send an interactive authorization request for this user and resource. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS53000AADSTS53000 | Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS53003AADSTS53003 | Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. | Conditional Access blockiert die Anmeldung.Conditional Access is blocking the sign-in. | Sign-In Logs öffnen, blockierende Policy identifizieren und Scope/Conditions prüfen.Open sign-in logs, identify the blocking policy, and review scope/conditions. |
| AADSTS54000AADSTS54000 | User is not allowed to access application {appName} due to Legal Age Group Requirement of application {audience}.User is not allowed to access application {appName} due to Legal Age Group Requirement of application {audience}. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS65001AADSTS65001 | The user or administrator has not consented to use the application with ID '{identifier}'{namePhrase}. Send an interactive authorization request for this user and resource.The user or administrator has not consented to use the application with ID '{identifier}'{namePhrase}. Send an interactive authorization request for this user and resource. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS65004AADSTS65004 | User declined to consent to access the app.User declined to consent to access the app. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS65005AADSTS65005 | The application '{name}' asked for scope '{scope}' that doesn't exist.The application '{name}' asked for scope '{scope}' that doesn't exist. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS67003AADSTS67003 | The client '{appId}'({appName}) is not a valid service identity.The client '{appId}'({appName}) is not a valid service identity. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70000AADSTS70000 | Provided grant is invalid or malformed.Provided grant is invalid or malformed. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70002AADSTS70002 | Client application name '{appName}' is not valid or the credentials used to authenticate the client could not be understood by the server.Client application name '{appName}' is not valid or the credentials used to authenticate the client could not be understood by the server. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS70003AADSTS70003 | The app requested an unsupported grant type '{type}'.The app requested an unsupported grant type '{type}'. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70005AADSTS70005 | 'The application requested an unsupported response type '{type}' when requesting a token.'The application requested an unsupported response type '{type}' when requesting a token. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70008AADSTS70008 | The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource.The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70011AADSTS70011 | The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope {scope} is not valid.{detailsPhrase}The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope {scope} is not valid.{detailsPhrase} | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS70016AADSTS70016 | OAuth 2.0 device flow error. Authorization is pending. Continue polling.OAuth 2.0 device flow error. Authorization is pending. Continue polling. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS75003AADSTS75003 | See official Entra error reference.See official Entra error reference. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS75005AADSTS75005 | The request is not a valid SAML 2.0 protocol message or contains invalid or potentially dangerous characters.The request is not a valid SAML 2.0 protocol message or contains invalid or potentially dangerous characters. | Tenant-ID oder Authority ist falsch.Tenant ID or authority is wrong. | Tenant/Authority validieren und den korrekten Endpunkt verwenden.Validate tenant/authority and use the correct endpoint. |
| AADSTS75011AADSTS75011 | Authentication method '{usedMethod}' by which the user authenticated with the service doesn't match requested authentication method '{requestedMethod}'. Contact the {appName} application owner.Authentication method '{usedMethod}' by which the user authenticated with the service doesn't match requested authentication method '{requestedMethod}'. Contact the {appName} application owner. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS75016AADSTS75016 | The SP name qualifier '{name}' is not valid.The SP name qualifier '{name}' is not valid. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS76021AADSTS76021 | The request sent by client is not signed while the application requires signed requestsThe request sent by client is not signed while the application requires signed requests | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS76026AADSTS76026 | The request has expired. Try to submit new request.The request has expired. Try to submit new request. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS80001AADSTS80001 | No Microsoft Azure AD Connect Authentication Agent was found. Make sure that your environment is configured correctly. If your directory is set for pass-through authentication, make sure that your Microsoft Azure AD Connect Authentication Agent is online.No Microsoft Azure AD Connect Authentication Agent was found. Make sure that your environment is configured correctly. If your directory is set for pass-through authentication, make sure that your Microsoft Azure AD Connect Authentication Agent is online. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS80010AADSTS80010 | Cannot encrypt with key identifier '{key}'. The Authentication Agent is unable to decrypt password.Cannot encrypt with key identifier '{key}'. The Authentication Agent is unable to decrypt password. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS80012AADSTS80012 | Your account has time restrictions that keep you from signing in right now.Your account has time restrictions that keep you from signing in right now. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS81004AADSTS81004 | Kerberos authentication failed.Kerberos authentication failed. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS81006AADSTS81006 | No authorization header was found, returning 401 WWW-Authenticate.No authorization header was found, returning 401 WWW-Authenticate. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS81012AADSTS81012 | The user trying to sign in to Azure AD is different from the user signed into the device.The user trying to sign in to Azure AD is different from the user signed into the device. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS90002AADSTS90002 | Tenant '{tenant_name}' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant.Tenant '{tenant_name}' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. | Tenant-ID oder Authority ist falsch.Tenant ID or authority is wrong. | Tenant/Authority validieren und den korrekten Endpunkt verwenden.Validate tenant/authority and use the correct endpoint. |
| AADSTS90004AADSTS90004 | The request is not properly formatted.The request is not properly formatted. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS90010AADSTS90010 | Unable to create {algoName} algorithm.Unable to create {algoName} algorithm. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS90014AADSTS90014 | The required field '{name}' is missing from the credential. Ensure that you have all the necessary parameters for the login request.The required field '{name}' is missing from the credential. Ensure that you have all the necessary parameters for the login request. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS90015AADSTS90015 | Requested query string is too long.Requested query string is too long. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS90072AADSTS90072 | User account '{user}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{application}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user accountUser account '{user}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{application}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account | Benutzerobjekt fehlt, ist deaktiviert oder im falschen Tenant.User object is missing, disabled, or in the wrong tenant. | UPN, Gaststatus, Kontostatus und Hybrid-Synchronisierung prüfen.Review UPN, guest state, account state, and hybrid sync. |
| AADSTS90094AADSTS90094 | Admin consent is required for the permissions requested by this application.Admin consent is required for the permissions requested by this application. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS90100AADSTS90100 | {name} parameter is empty or not valid.{name} parameter is empty or not valid. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS120000AADSTS120000 | Incorrect password.Incorrect password. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS120002AADSTS120002 | New password doesn't meet complexity requirements. Passwords can't contain user ID, and need to be 8-16 characters long, with at least 3 of the following: uppercase letters, lowercase letters, numbers, and symbols.New password doesn't meet complexity requirements. Passwords can't contain user ID, and need to be 8-16 characters long, with at least 3 of the following: uppercase letters, lowercase letters, numbers, and symbols. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS130004AADSTS130004 | UserPrincipal doesn't have the NGC key configured.UserPrincipal doesn't have the NGC key configured. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS135010AADSTS135010 | UserPrincipal doesn't have the key ID configured.UserPrincipal doesn't have the key ID configured. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS165004AADSTS165004 | Actual message content is runtime specific. Please see returned exception message for details.Actual message content is runtime specific. Please see returned exception message for details. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS165900AADSTS165900 | Invalid request.Invalid request. | Tenant-ID oder Authority ist falsch.Tenant ID or authority is wrong. | Tenant/Authority validieren und den korrekten Endpunkt verwenden.Validate tenant/authority and use the correct endpoint. |
| AADSTS500011AADSTS500011 | The resource principal named {name} was not found in the tenant named {tenant}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.The resource principal named {name} was not found in the tenant named {tenant}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS500021AADSTS500021 | Access to '{tenant}' tenant is denied.Access to '{tenant}' tenant is denied. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS500133AADSTS500133 | Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: {curTime}, expiry time of assertion {expTime}.Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: {curTime}, expiry time of assertion {expTime}. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS700016AADSTS700016 | Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. | Benutzer- oder Admin-Consent fehlt.User or admin consent is missing. | Admin Consent erteilen oder angeforderte Berechtigungen reduzieren.Grant admin consent or reduce requested permissions. |
| AADSTS700020AADSTS700020 | Application ID {identifier} is a reserved identifier and should be removed on the application: {applicationId}.Application ID {identifier} is a reserved identifier and should be removed on the application: {applicationId}. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS700022AADSTS700022 | No Subject claim provided in the assertion. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials .No Subject claim provided in the assertion. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS700024AADSTS700024 | Client assertion is not within its valid time range. Current time: {curTime}, assertion valid from {validTime}, expiry time of assertion {expTime}. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials .Client assertion is not within its valid time range. Current time: {curTime}, assertion valid from {validTime}, expiry time of assertion {expTime}. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS7000215AADSTS7000215 | Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '{identifier}'.Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '{identifier}'. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS7000218AADSTS7000218 | The request body must contain the following parameter: 'client_assertion' or 'client_secret'.The request body must contain the following parameter: 'client_assertion' or 'client_secret'. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS7000222AADSTS7000222 | The provided client secret keys for app '{identifier}' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds.The provided client secret keys for app '{identifier}' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. | Anwendungsanmeldeinformationen sind ungültig oder abgelaufen.Application credentials are invalid or expired. | Secret/Zertifikat erneuern und App-Konfiguration aktualisieren.Renew the secret/certificate and update the app configuration. |
| AADSTS900023AADSTS900023 | Specified tenant identifier '{tenant_id}' is neither a valid DNS name, nor a valid external domain.Specified tenant identifier '{tenant_id}' is neither a valid DNS name, nor a valid external domain. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS9002313AADSTS9002313 | Invalid request. Request is malformed or invalid.Invalid request. Request is malformed or invalid. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
| AADSTS9002325AADSTS9002325 | Proof Key for Code Exchange is required for cross-origin authorization code redemption.Proof Key for Code Exchange is required for cross-origin authorization code redemption. | Entra ID meldet einen Authentifizierungs- oder Autorisierungszustand.Entra ID is reporting an authentication or authorization state. | Correlation ID, Trace ID, App, Tenant und Richtlinien gemeinsam analysieren.Analyze correlation ID, trace ID, app, tenant, and policy context together. |
Nützliche ToolsUseful tools
- Entra Sign-In Logs mit Correlation ID und Conditional Access Details prüfen.Check Entra sign-in logs with correlation ID and Conditional Access details.
- login.microsoftonline.com/error?code=<Code> für den offiziellen Microsoft Lookup verwenden.Use login.microsoftonline.com/error?code=<code> for the official Microsoft lookup.
PowerShellPowerShell
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All"
Get-MgAuditLogSignIn -Top 20 | Select-Object CreatedDateTime,AppDisplayName,UserPrincipalName,CorrelationId,Status